Plain language law

New Zealand law explained for everyone

This page is about a bill. That means that it's not the law yet, but some people want it to be the law. It could change quickly, and some of the information is just a draft.

Customer and Product Data Bill

Regulated data services - Main obligations - Customer data

16: Data holder may or must refuse request for data in certain circumstances

You could also call this:

“Companies can sometimes say no to sharing your information to keep you safe”

This new bill suggests that in some cases, a company holding your data can say no when you or someone you trust asks for it. They can do this if giving out the data might put someone in danger or make them very unsafe. They can also refuse if they think sharing the data could lead to someone being badly harassed.

The company can also say no if they believe sharing the data might harm their computer systems or a special list they keep. If you owe the company money for asking for your data, they might not give it to you. The same goes for trusted people who ask for your data on your behalf - if they owe money, the company might refuse.

There might be other reasons why the company can say no, which will be written in special rules.

The bill also says that the company must refuse to give out your data if they think someone is threatening to hurt you to make you ask for it.

When the bill talks about a ‘serious threat’, it means the company thinks there’s a real chance something bad could happen, it would be very harmful if it did happen, and it could happen soon.

This text is automatically generated. It might be out of date or be missing some parts. Find out more about how we do this.

This page was last updated on

View the original legislation for this page at https://legislation.govt.nz/act/public/1986/0120/latest/link.aspx?id=LMS922170.

Previous

15: Data holder must provide customer data to accredited requestor if customer’s authorisation is confirmed, or

“Companies must share your information when someone you trust asks for it”

Next

17: Sections 14 and 15 do not prevent request to access personal information being made in some other manner, or

“You can still ask for your personal information in other ways”

Part 2 Regulated data services
Main obligations: Customer data

16Data holder may or must refuse request for data in certain circumstances

  1. Despite sections 14 and 15, a data holder may refuse to provide any data requested under either of those sections—

  2. if the disclosure of the data would be likely to pose a serious threat to the life, health, or safety of any individual, or to public health or public safety (see subsection (3)); or
    1. if the data holder reasonably believes that disclosure of the data would create a significant likelihood of serious harassment of an individual; or
      1. if the data holder reasonably believes that disclosure of the data would be likely to have a materially adverse effect on the security, integrity, or stability of either or both of the following:
        1. the data holder’s information and communication technology systems:
          1. the register; or
          2. in the case of section 14, if the customer owes a debt to the data holder in relation to charges imposed in connection with the request; or
            1. in the case of section 15, if the accredited requestor owes a debt to the data holder in relation to charges imposed in connection with the request or any other regulated data services; or
              1. in the circumstances prescribed in the regulations or standards.

                1. Despite sections 14 and 15, a data holder must refuse to provide any data requested under either of those sections if the data holder has reasonable grounds to believe that the request is made under the threat of physical or mental harm.

                2. In this Act, serious threat means a threat that a data holder reasonably believes to be a serious threat having regard to all of the following:

                3. the likelihood of the threat being realised; and
                  1. the severity of the consequences if the threat is realised; and
                    1. the time at which the threat may be realised.